This week we released a new version of Black Duck OpsSight, a solution for vulnerability detection and alerting in production environments. When we introduced Black Duck OpsSight for OpenShift in November, we made it possible for customers who use Black Duck Hub as an integral part of their SDLC security process to also monitor the open source security of their application deployment environments.
This newest release shares that security solution with customers who are running the Kubernetes as their container orchestration platform.
Black Duck Hub’s integrations with development tools helps companies shift their open source vulnerability scanning “left” in the development process. OpsSight helps them shift “right” to scan and monitor for newly discovered vulnerabilities in their production environments. In addition, with the advent of microservices and container repositories, companies are now including binaries in their applications – binaries for which they have no source code. OpsSight enables them to scan those containers prior to deployment and monitor them in production as well.
By scanning and continually monitoring containers in runtime environments, both IT operations teams and developers gain visibility into the specific vulnerability risks. IT also gains a tool showing them how widespread their open source risk is across the entire running application portfolio.
We see a lot of enterprises adopting OpenShift because Red Hat has assembled and packaged the ecosystem of tools needed to efficiently run a Kubernetes-based container orchestration platform. With version 1.0.2, OpsSight now supports companies building on the open source version of Kubernetes, and it allows us to broaden our portfolio of platforms to support other vendors such as Google and Amazon, who are adopting Kubernetes as an option in their orchestration platforms.